AEMaaCS: permissions set only on immutable content #645

Open
dominik-przybyl-wttech opened this issue Sep 21, 2022 · 2 comments

@dominik-przybyl-wttech

Scenario:
I've created a new cloud dev instance.
I've also created a new project based on the AEM project archetype, in which I've added the following changes:

  • added YAML scripts with permission configuration, which add the mysite-fragment-mysite-all-acl group to the /apps/mysite, /apps/dam, /content/mysite, /content/dam folders
  • org.apache.sling.jcr.repoinit.RepositoryInitializer~mysite-user.cfg.json - repoinit configuration, which creates system user
  • org.apache.sling.jcr.repoinit.RepositoryInitializer~netcentric-dir.cfg - repoinit configuration, which creates /apps/netcentric folder
  • org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-ncActoolSystemUser.config - configuration, which maps mysite-system-user with biz.netcentric.cq.tools.accesscontroltool.bundle and biz.netcentric.cq.tools.accesscontroltool.startuphook.bundle
  • biz.netcentric.cq.tools.actool.impl.AcInstallationServiceImpl.cfg.json - configuration, which installs the YAML scripts.

It means that I don't have ACTools in my all-in-one package.
Here is the PR with those changes: dominik-przybyl-wttech/mysite#1

Then I deployed this code on the new cloud dev instance.

Result:
Permissions have been set only on immutable content (fig1, fig2).
No permissions have been set on mutable content (fig5).
History logs from the build phase have been saved under the /apps/netcentric/achistory folder (fig3). The history logs show that the YAML scripts were executed by the biz.netcentric.cq.tools.actool.startuphook.impl.AcToolStartupHookServiceImpl service (trigger=startup_hook_image_build) (fig3). The history logs have been created by the mysite-system-user user (fig4).
There are no history logs for mutable content (/var/statistics/achistory folder) (fig6).

How is this possible?

[Figures: fig 1, fig 2, fig 3, fig 4, fig 5, fig 6]

@kwin
Member

kwin commented Sep 21, 2022

Sounds like #545.

@dominik-przybyl-wttech
Author

dominik-przybyl-wttech commented Sep 22, 2022

I think my case is different. In my project I don't use ACTool; I didn't add an ACTool dependency in any pom. I've only added some scripts and configurations. My expectation was that nothing would happen (no permissions added, no achistory logs), but somehow I have traces of ACTool execution during the build phase.
